Ivanti Endpoint Manager


By the Year

In 2025 there have been 10 vulnerabilities in Ivanti Endpoint Manager, with an average score of 7.2 out of ten. Last year, in 2024, Endpoint Manager had 45 security vulnerabilities published. Right now, Endpoint Manager is on track to have fewer security vulnerabilities in 2025 than it did last year. Last year, the average CVE base score was greater by 0.65.




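| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2025 | 10 | 7.16 |
| 2024 | 45 | 7.81 |
| 2023 | 6 | 8.32 |
| 2022 | 3 | 8.10 |
| 2021 | 0 | 0.00 |
| 2020 | 6 | 7.50 |
| 2019 | 1 | 9.80 |
| 2018 | 0 | 0.00 |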

It may take a day or so for new Endpoint Manager vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Ivanti Endpoint Manager Security Vulnerabilities

DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7

CVE-2025-22458 7.8 - High - April 08, 2025

DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an authenticated attacker to escalate to System.

DLL preloading

Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7

CVE-2025-22459 4.8 - Medium - April 08, 2025

Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and servers.

Improper Certificate Validation

SQL injection in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7

CVE-2025-22461 7.2 - High - April 08, 2025

SQL injection in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote authenticated attacker with admin privileges to achieve code execution.

SQL Injection

An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7

CVE-2025-22464 6.1 - Medium - April 08, 2025

An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an attacker with local access to write arbitrary data into memory causing a denial-of-service condition.

Untrusted Pointer Dereference

Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7

CVE-2025-22465 6.1 - Medium - April 08, 2025

Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to execute arbitrary JavaScript in a victim's browser. Unlikely user interaction is required.

XSS

Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7

CVE-2025-22466 9.6 - Critical - April 08, 2025

Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.

XSS

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update

CVE-2024-13159 7.5 - High - January 14, 2025

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

Absolute Path Traversal

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update

CVE-2024-13160 7.5 - High - January 14, 2025

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

Absolute Path Traversal

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update

CVE-2024-13161 7.5 - High - January 14, 2025

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

Absolute Path Traversal

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update

CVE-2024-10811 7.5 - High - January 14, 2025

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

Directory traversal

Ivanti Endpoint Manager SQL Injection Vulnerability

CVE-2024-34781 7.2 - High - November 13, 2024

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

Ivanti Endpoint Manager SQL Injection Vulnerability

CVE-2024-37376 7.2 - High - November 13, 2024

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

Ivanti Endpoint Manager Path Traversal Vulnerability

CVE-2024-34787 7.8 - High - November 13, 2024

Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.

Ivanti Endpoint Manager SQL Injection Vulnerability

CVE-2024-34784 7.2 - High - November 13, 2024

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

Ivanti Endpoint Manager SQL Injection Vulnerability

CVE-2024-34782 7.2 - High - November 13, 2024

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

Ivanti Endpoint Manager SQL Injection Vulnerability

CVE-2024-34780 7.2 - High - November 13, 2024

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update

CVE-2024-32847 7.2 - High - November 13, 2024

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update

CVE-2024-32844 - November 13, 2024

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update

CVE-2024-32841 7.2 - High - November 13, 2024

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update

CVE-2024-32839 7.2 - High - November 13, 2024

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

Ivanti Endpoint Manager SQL Injection Vulnerability

CVE-2024-50328 7.2 - High - November 12, 2024

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

SQL Injection

Ivanti Endpoint Manager Path Traversal Vulnerability

CVE-2024-50322 7.8 - High - November 12, 2024

Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.

Directory traversal

Ivanti Endpoint Manager SQL Injection Vulnerability

CVE-2024-50323 7.8 - High - November 12, 2024

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.

SQL Injection

Ivanti Endpoint Manager: Path Traversal Vulnerability in File Upload Component

CVE-2024-50324 7.2 - High - November 12, 2024

Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

Directory traversal

Ivanti Endpoint Manager SQL Injection Vulnerability

CVE-2024-50326 7.2 - High - November 12, 2024

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

SQL Injection

Ivanti Endpoint Manager SQL Injection Vulnerability

CVE-2024-50327 7.2 - High - November 12, 2024

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

SQL Injection

Ivanti Endpoint Manager SQL Injection Vulnerability

CVE-2024-50330 9.8 - Critical - November 12, 2024

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution.

Ivanti Endpoint Manager Path Traversal Vulnerability

CVE-2024-50329 8.8 - High - November 12, 2024

Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.

Directory traversal

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update

CVE-2024-32840 7.2 - High - September 12, 2024

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

SQL Injection

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update

CVE-2024-34779 7.2 - High - September 12, 2024

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

SQL Injection

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update

CVE-2024-34783 7.2 - High - September 12, 2024

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

SQL Injection

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update

CVE-2024-34785 7.2 - High - September 12, 2024

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

SQL Injection

Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update

CVE-2024-29847 9.8 - Critical - September 12, 2024

Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.

Marshaling, Unmarshaling

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update

CVE-2024-32842 7.2 - High - September 12, 2024

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

SQL Injection

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update

CVE-2024-32843 7.2 - High - September 12, 2024

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

SQL Injection

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update

CVE-2024-32845 7.2 - High - September 12, 2024

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

SQL Injection

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update

CVE-2024-32846 7.2 - High - September 12, 2024

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

SQL Injection

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update

CVE-2024-32848 7.2 - High - September 12, 2024

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

SQL Injection

SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update

CVE-2024-8191 9.8 - Critical - September 10, 2024

SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.

SQL Injection

Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update

CVE-2024-8320 5.3 - Medium - September 10, 2024

Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices.

Missing Authentication for Critical Function

Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update

CVE-2024-8321 8.6 - High - September 10, 2024

Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network.

Missing Authentication for Critical Function

Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update

CVE-2024-8322 8.8 - High - September 10, 2024

Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality.

An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update

CVE-2024-8441 6.7 - Medium - September 10, 2024

An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM.

DLL preloading

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior

CVE-2024-29828 8 - High - May 31, 2024

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.

SQL Injection

A buffer overflow allows a low privilege user on the local machine

CVE-2024-22058 - May 31, 2024

A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute arbitrary code with elevated permissions in Ivanti EPM 2021.1 and older.

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior

CVE-2024-29823 8.8 - High - May 31, 2024

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

SQL Injection

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior

CVE-2024-29824 8.8 - High - May 31, 2024

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

SQL Injection

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior

CVE-2024-29825 8.8 - High - May 31, 2024

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

SQL Injection

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior

CVE-2024-29826 8.8 - High - May 31, 2024

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

SQL Injection

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior

CVE-2024-29827 8.8 - High - May 31, 2024

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

SQL Injection
